/**
* shishi_encapreppart_get_key:
* @handle: shishi handle as allocated by shishi_init().
* @encapreppart: input EncAPRepPart variable.
* @key: newly allocated key.
*
* Extract the subkey from the encrypted AP-REP part.
*
* Return value: Returns SHISHI_OK iff succesful.
**/
int
shishi_encapreppart_get_key (Shishi * handle,
Shishi_asn1 encapreppart, Shishi_key ** key)
{
int res;
char *buf;
size_t buflen;
int32_t keytype;
res = shishi_asn1_read_int32 (handle, encapreppart,
"subkey.keytype", &keytype);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, encapreppart, "subkey.keyvalue",
&buf, &buflen);
if (res != SHISHI_OK)
return res;
if (shishi_cipher_keylen (keytype) != buflen)
return SHISHI_ENCAPREPPART_BAD_KEYTYPE;
res = shishi_key_from_value (handle, keytype, buf, key);
free (buf);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
/**
* shishi_authenticator_authorizationdata:
* @handle: shishi handle as allocated by shishi_init().
* @authenticator: authenticator as allocated by shishi_authenticator().
* @adtype: output authorization data type.
* @addata: newly allocated output authorization data.
* @addatalen: on output, actual size of newly allocated authorization data.
* @nth: element number of authorization-data to extract.
*
* Extract n:th authorization data from authenticator. The first
* field is 1.
*
* Return value: Returns SHISHI_OK iff successful.
**/
int
shishi_authenticator_authorizationdata (Shishi * handle,
Shishi_asn1 authenticator,
int32_t * adtype,
char **addata, size_t * addatalen,
size_t nth)
{
char *format;
int res;
size_t i;
res = shishi_asn1_number_of_elements (handle, authenticator,
"authorization-data", &i);
if (res != SHISHI_OK)
return SHISHI_ASN1_ERROR;
if (nth > i)
return SHISHI_OUT_OF_RANGE;
asprintf (&format, "authorization-data.?%zu.ad-type", nth);
res = shishi_asn1_read_int32 (handle, authenticator, format, adtype);
free (format);
if (res != SHISHI_OK)
return res;
asprintf (&format, "authorization-data.?%zu.ad-data", i);
res = shishi_asn1_read (handle, authenticator, format, addata, addatalen);
free (format);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
/**
* shishi_authenticator_get_subkey:
* @handle: shishi handle as allocated by shishi_init().
* @authenticator: authenticator as allocated by shishi_authenticator().
* @subkey: output newly allocated subkey from authenticator.
*
* Read subkey value from authenticator.
*
* Return value: Returns SHISHI_OK if successful or SHISHI_ASN1_NO_ELEMENT
* if subkey is not present.
**/
int
shishi_authenticator_get_subkey (Shishi * handle,
Shishi_asn1 authenticator,
Shishi_key ** subkey)
{
int res;
int subkeytype;
char *subkeyvalue;
size_t subkeylen;
res = shishi_asn1_read_int32 (handle, authenticator,
"subkey.keytype", &subkeytype);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, authenticator, "subkey.keyvalue",
&subkeyvalue, &subkeylen);
if (res != SHISHI_OK)
return res;
res = shishi_key (handle, subkey);
if (res != SHISHI_OK)
return res;
shishi_key_type_set (*subkey, subkeytype);
shishi_key_value_set (*subkey, subkeyvalue);
return SHISHI_OK;
}
/**
* shishi_encticketpart_get_key:
* @handle: shishi handle as allocated by shishi_init().
* @encticketpart: input EncTicketPart variable.
* @key: newly allocated key.
*
* Extract the session key in the Ticket.
*
* Return value: Returns %SHISHI_OK iff successful.
**/
int
shishi_encticketpart_get_key (Shishi * handle,
Shishi_asn1 encticketpart, Shishi_key ** key)
{
int res;
char *buf;
size_t buflen;
int32_t keytype;
res = shishi_asn1_read_int32 (handle, encticketpart,
"key.keytype", &keytype);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, encticketpart, "key.keyvalue",
&buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_key_from_value (handle, keytype, buf, key);
free (buf);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
/**
* shishi_kdcreq_etype:
* @handle: shishi handle as allocated by shishi_init().
* @kdcreq: KDC-REQ variable to get etype field from.
* @etype: output encryption type.
* @netype: element number to return.
*
* Return the netype:th encryption type from KDC-REQ. The first etype
* is number 1.
*
* Return value: Returns SHISHI_OK iff etype successful set.
**/
int
shishi_kdcreq_etype (Shishi * handle,
Shishi_asn1 kdcreq, int32_t * etype, int netype)
{
char *buf;
int res;
asprintf (&buf, "req-body.etype.?%d", netype);
res = shishi_asn1_read_int32 (handle, kdcreq, buf, etype);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
/**
* shishi_authenticator_cksum:
* @handle: shishi handle as allocated by shishi_init().
* @authenticator: authenticator as allocated by shishi_authenticator().
* @cksumtype: output checksum type.
* @cksum: newly allocated output checksum data from authenticator.
* @cksumlen: on output, actual size of allocated output checksum data buffer.
*
* Read checksum value from authenticator. @cksum is allocated by
* this function, and it is the responsibility of caller to deallocate
* it.
*
* Return value: Returns SHISHI_OK iff successful.
**/
int
shishi_authenticator_cksum (Shishi * handle,
Shishi_asn1 authenticator,
int32_t * cksumtype,
char **cksum, size_t * cksumlen)
{
int res;
res = shishi_asn1_read_int32 (handle, authenticator,
"cksum.cksumtype", cksumtype);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, authenticator, "cksum.checksum",
cksum, cksumlen);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
/**
* shishi_kdcreq_get_padata:
* @handle: shishi handle as allocated by shishi_init().
* @kdcreq: KDC-REQ to get PA-DATA from.
* @padatatype: type of PA-DATA, see Shishi_padata_type.
* @out: output array with newly allocated PA-DATA value.
* @outlen: size of output array with PA-DATA value.
*
* Get pre authentication data (PA-DATA) from KDC-REQ. Pre
* authentication data is used to pass various information to KDC,
* such as in case of a SHISHI_PA_TGS_REQ padatatype the AP-REQ that
* authenticates the user to get the ticket.
*
* Return value: Returns SHISHI_OK iff successful.
**/
int
shishi_kdcreq_get_padata (Shishi * handle,
Shishi_asn1 kdcreq,
Shishi_padata_type padatatype,
char **out, size_t * outlen)
{
char *format;
int res;
size_t i, n;
res = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &n);
if (res != SHISHI_OK)
return res;
*out = NULL;
*outlen = 0;
for (i = 1; i <= n; i++)
{
int32_t patype;
asprintf (&format, "padata.?%zu.padata-type", i);
res = shishi_asn1_read_int32 (handle, kdcreq, format, &patype);
free (format);
if (res != SHISHI_OK)
return res;
if (patype == (int32_t) padatatype)
{
asprintf (&format, "padata.?%zu.padata-value", i);
res = shishi_asn1_read (handle, kdcreq, format, out, outlen);
free (format);
if (res != SHISHI_OK)
return res;
break;
}
}
return SHISHI_OK;
}
/**
* shishi_apreq_get_authenticator_etype:
* @handle: shishi handle as allocated by shishi_init().
* @apreq: AP-REQ variable to get value from.
* @etype: output variable that holds the value.
*
* Extract AP-REQ.authenticator.etype.
*
* Return value: Returns SHISHI_OK iff successful.
**/
int
shishi_apreq_get_authenticator_etype (Shishi * handle,
Shishi_asn1 apreq, int32_t * etype)
{
return shishi_asn1_read_int32 (handle, apreq, "authenticator.etype", etype);
}